CN109150813B - Device verification method and device - Google Patents
Device verification method and device Download PDFInfo
- Publication number
- CN109150813B CN109150813B CN201710503208.9A CN201710503208A CN109150813B CN 109150813 B CN109150813 B CN 109150813B CN 201710503208 A CN201710503208 A CN 201710503208A CN 109150813 B CN109150813 B CN 109150813B
- Authority
- CN
- China
- Prior art keywords
- information
- verification
- target device
- verification information
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Power Engineering (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
本发明实施例提供了一种设备的验证方法及装置,方法包括:验证设备在确定待验证的目标设备接入后,从目标设备中获得第一验证信息;获得用于验证目标设备是否为正版的第二验证信息;将第一验证信息与第二验证信息进行匹配;当匹配成功时,确定目标设备为正版。本发明实施例中,验证设备根据所获得的第二验证信息以及目标设备中所存储的第一验证信息,自动验证目标设备是否为正版,验证过程无需人工参与,并且第一验证信息无需对外公开,第一验证信息不易被伪造,使得验证确定结果更为准确,实现对目标设备是否为正版的有效识别验证。
Embodiments of the present invention provide a device verification method and device. The method includes: after the verification device determines that the target device to be verified is connected, obtain first verification information from the target device; obtain the first verification information for verifying whether the target device is genuine the second verification information; match the first verification information with the second verification information; when the matching is successful, determine that the target device is genuine. In the embodiment of the present invention, the verification device automatically verifies whether the target device is genuine according to the obtained second verification information and the first verification information stored in the target device, the verification process does not require manual participation, and the first verification information does not need to be disclosed to the public , the first verification information is not easily forged, so that the verification and determination result is more accurate, and the effective identification and verification of whether the target device is genuine is realized.
Description
Technical Field
The invention relates to the technical field of equipment safety, in particular to a method and a device for verifying equipment.
Background
In the current market, target devices (such as hardware devices with storage functions, for example, SSD (Solid State Drive)) are often copied. In the prior art, in order to prevent a target device produced by a manufacturer at home from being copied, a unique tag is generally attached to the produced target device to identify the target device as the target device produced at home, where the tag may include a SN (Serial Number, product Serial Number, also called machine code, authentication code, registration application code, etc.), a WWN (World Wide Name, global unique Name), a Model No (Model Number, product Model Number), a two-dimensional code, and other tags.
However, the above labels are all easily imitated. The consumer and the manufacturer still cannot identify whether the target device in the market is the genuine product through the tag, that is, the consumer and the manufacturer cannot identify whether the target device in the market is the target device produced by the manufacturer corresponding to the tag.
Disclosure of Invention
The embodiment of the invention aims to provide a device verification method and a device, so as to realize effective identification verification of whether a hardware device is a legal version. The specific technical scheme is as follows:
in one aspect, an embodiment of the present invention provides a method for verifying a device, where the method includes:
after determining that target equipment to be verified is accessed, the verification equipment obtains first verification information from the target equipment;
obtaining second verification information, wherein the second verification information is: information for verifying whether the target device is genuine;
matching the first authentication information with the second authentication information;
and when the matching is successful, determining that the target equipment is the legal edition.
Optionally, when the first verification information includes first vendor information corresponding to the target device, the second verification information includes second vendor information;
the step of matching the first authentication information with the second authentication information includes:
and matching the first manufacturer information with the second manufacturer information.
Optionally, the first vendor information is stored in a first predetermined storage location of the target device;
the step of obtaining first authentication information from the target device includes:
obtaining the first vendor information from the first predetermined storage location in the target device.
Optionally, when the first verification information includes first firmware information corresponding to the target device, the second verification information includes second firmware information;
the step of matching the first authentication information with the second authentication information includes:
and matching the first firmware information with the second firmware information.
Optionally, the first firmware information is stored in a second predetermined storage location of the target device;
the step of obtaining first authentication information from the target device includes:
obtaining the first firmware information from the second predetermined storage location in the target device.
Optionally, the first verification information is encrypted by using a target key and a first encryption algorithm;
prior to the step of matching the first authentication information with the second authentication information, the method further comprises:
obtaining the target key and the first encryption algorithm;
decrypting the obtained first verification information by using the target key and the first encryption algorithm to obtain decrypted first verification information;
the step of matching the first authentication information with the second authentication information includes:
and matching the decrypted first verification information with the second verification information.
Optionally, before the step of obtaining the first verification information from the target device, the method further includes:
after determining that target equipment is accessed, the verification equipment obtains an equipment identifier in the target equipment and a random number generated by the target equipment;
obtaining first preset data according to the equipment identification;
encrypting the first preset data by using the random number and a second encryption algorithm to generate first encrypted data;
sending the first encrypted data to the target device so that the target device decrypts the first encrypted data by using the random number and the second encryption algorithm to obtain the first preset data; obtaining second predetermined data, judging whether the first predetermined data is the same as the obtained second predetermined data, and sending first information to the verification device when the first predetermined data is the same as the obtained second predetermined data, wherein the first information is: information describing that the authentication device is allowed to obtain the first authentication information;
and receiving and responding to the first information, and executing the step of obtaining the first verification information from the target device.
In another aspect, an embodiment of the present invention provides an apparatus for verifying a device, where the apparatus includes:
the device comprises a first obtaining module, a second obtaining module and a verification module, wherein the first obtaining module is used for obtaining first verification information from target equipment after the target equipment to be verified is determined to be accessed;
a second obtaining module, configured to obtain second verification information, where the second verification information is: information for verifying whether the target device is genuine;
the matching module is used for matching the first verification information with the second verification information;
and the first determining module is used for determining that the target equipment is the legal edition when the matching is successful.
Optionally, when the first verification information includes first vendor information corresponding to the target device, the second verification information includes second vendor information;
the matching module is particularly used for
And matching the first manufacturer information with the second manufacturer information.
Optionally, the first vendor information is stored in a first predetermined storage location of the target device;
the first obtaining module is specifically used for
Obtaining the first vendor information from the first predetermined storage location in the target device.
Optionally, when the first verification information includes first firmware information corresponding to the target device, the second verification information includes second firmware information;
the matching module is particularly used for
And matching the first firmware information with the second firmware information.
Optionally, the first firmware information is stored in a second predetermined storage location of the target device;
the first obtaining module is specifically used for
Obtaining the first firmware information from the second predetermined storage location in the target device.
Optionally, the first verification information is encrypted by using a target key and a first encryption algorithm;
the device also comprises a third obtaining module and a decryption module;
the third obtaining module is configured to obtain the target key and the first encryption algorithm before the step of matching the first verification information with the verification information;
the decryption module is configured to decrypt the obtained first verification information by using the target key and the first encryption algorithm to obtain decrypted first verification information;
the matching module is particularly used for
And matching the decrypted first verification information with the second verification information.
Optionally, the apparatus further includes a fourth obtaining module, a fifth obtaining module, an encrypting module, a sending module, and a receiving response module;
the fourth obtaining module is configured to, before the step of obtaining the first verification information from the target device, obtain, by the verification device, a device identifier in the target device and a random number generated by the target device after determining that the target device is accessed;
the fifth obtaining module is configured to obtain first predetermined data according to the device identifier;
the encryption module is used for encrypting the first preset data by using the random number and a second encryption algorithm to generate first encrypted data;
the sending module is configured to send the first encrypted data to the target device, so that the target device decrypts the first encrypted data by using the random number and the second encryption algorithm to obtain the first predetermined data; obtaining second predetermined data, judging whether the first predetermined data is the same as the obtained second predetermined data, and sending first information to the verification device when the first predetermined data is the same as the obtained second predetermined data, wherein the first information is: information describing that the authentication device is allowed to obtain the first authentication information;
the receiving response module is configured to receive and respond to the first information, and trigger the first obtaining module.
On the other hand, the embodiment of the invention provides a verification device, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for completing mutual communication by the memory through the communication bus;
a memory for storing a computer program;
the processor is configured to implement the method for verifying the device according to the embodiment of the present invention when executing the computer program stored in the memory.
In the embodiment of the invention, after the verification equipment determines that the target equipment to be verified is accessed, first verification information is obtained from the target equipment; obtaining second verification information for verifying whether the target device is a legal version; matching the first verification information with the second verification information; and when the matching is successful, determining that the target equipment is the legal edition. The verification device automatically verifies whether the target device is the legal version or not according to the obtained second verification information and the first verification information stored in the target device, the verification process does not need manual participation, the first verification information does not need to be disclosed externally, and the first verification information is not easy to forge, so that the verification determination result is more accurate, and the effective identification and verification of whether the target device is the legal version or not are realized. Of course, it is not necessary for any product or method of practicing the invention to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a verification method for a device according to an embodiment of the present invention;
FIG. 2A is a schematic diagram of an allocation of block0 of an SSD;
FIG. 2B is a schematic diagram of another allocation of block0 of an SSD;
fig. 3 is another schematic flow chart of a verification method for a device according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an SSD controller;
fig. 5 is a schematic structural diagram of an authentication apparatus of a device according to an embodiment of the present invention;
fig. 6 is another schematic structural diagram of an authentication apparatus of a device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an authentication device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a device verification method and device, which are used for realizing effective identification and verification on whether hardware equipment is a legal version or not.
As shown in fig. 1, an embodiment of the present invention provides a method for verifying a device, which may include the following steps:
s101: after determining that target equipment to be verified is accessed, the verification equipment obtains first verification information from the target equipment;
s102: obtaining second verification information, wherein the second verification information is: information for verifying whether the target device is genuine;
the functional software for implementing the authentication method of the device provided by the embodiment of the present invention may be special client software, or may be a plug-in of other software with an authentication function. The functional software can be installed in any electronic device (e.g., desktop computer, tablet computer, etc.).
In one implementation, the functional software may be identified by a "windows tool", and it is understood that, in this case, the functional software may only be installed in an electronic device with an operating system that is a windows operating system.
It can be understood that the second verification information may be stored in the verification device, or may be stored in any device or cloud end with a storage function connected to the verification device. In an implementation manner, the functional software is installed in an electronic device to form the verification device provided in the embodiment of the present invention, and second verification information for verifying whether a target device is a legal device associated with the functional software may be prestored in the verification device, where the second verification information is stored in the verification device. In another implementation manner, the functional software is installed in an electronic device to form the verification device provided in the embodiment of the present invention, and the verification device may be connected to a device or a cloud end storing the second verification information, so that the verification device may obtain the second verification information from the device or the cloud end storing the second verification information. Etc., as may be desired.
The target device to be verified may be any hardware device with a storage function, for example: the target device to be verified may be an SSD (Solid State Drive) or the like.
It can be understood that, after determining that the target device to be authenticated is accessed, the authentication device may first send a first information obtaining instruction to the target device, and further, after determining that the authentication device is allowed to obtain the first authentication information according to the first information obtaining instruction, the authentication device may directly obtain the first authentication information from the target device. The first verification information may be predetermined information that is stored in the target device by a production developer in advance when the target device is shipped from a factory. Further, the predetermined information is associated with the functional software, and when the functional software is installed in an electronic device, the predetermined information may be pre-stored in the electronic device (verification device) at the same time, or the electronic device (verification device) may be connected to a device or a cloud end in which the second verification information is stored, so as to implement the device verification method provided in the embodiment of the present invention. That is, the authentication device may authenticate the target device by predetermined information (second authentication information) obtained from a device local to the authentication device or a device connected to the authentication device or a cloud, and predetermined information (first authentication information) stored in the target device.
It is understood that the first authentication information in the target device is invisible to the outside (e.g., the user of the target device, the user of the authentication device, etc.); and when the second verification information is stored in the verification device, or stored in a device or cloud connected with the verification device, the second verification information is invisible to the outside. Therefore, the confidentiality of the second verification information and the confidentiality of the first verification information can be better improved, and the accuracy of the verification result of the verification whether the target device is legal can be further improved.
It should be emphasized that, in order to better guarantee the benefit of the user of the target device, the functional software may be distributed to the network, so that any user who has a verification requirement on the target device may download the functional software at any time and obtain the second verification information associated with the functional software for verifying whether the target device is legal or not, so as to verify whether the target device is legal or not.
S103: matching the first verification information with the second verification information;
s104: and when the matching is successful, determining that the target equipment is the legal edition.
A plurality of second verification information may be stored in the verification device or in a device or cloud connected to the verification device, where each second verification information is: information for verifying whether the device to be verified is genuine. Matching the first verification information with each second verification information one by one, and when the first verification information is successfully matched with the second verification information, indicating that the second verification information obtained by the verification equipment contains the first verification information, and at the moment, determining that the target equipment is a legal version; on the contrary, when the first verification information and the second verification information are unsuccessfully matched, it is indicated that the second verification information obtained by the verification device does not include the first verification information, and at this time, it may be determined that the target device is a pirate product (i.e., an emulational product).
By applying the embodiment of the invention, the verification equipment obtains the first verification information from the target equipment after determining that the target equipment to be verified is accessed; obtaining second verification information for verifying whether the target device is a legal version; matching the first verification information with the second verification information; and when the matching is successful, determining that the target equipment is the legal edition. The verification device automatically verifies whether the target device is the legal version or not according to the obtained second verification information and the first verification information stored in the target device, the verification process does not need manual participation, the first verification information does not need to be disclosed externally, and the first verification information is not easy to forge, so that the verification determination result is more accurate, and the effective identification and verification of whether the target device is the legal version or not are realized.
In addition, the embodiment of the invention better guarantees the rights and interests of the user of the target equipment and prevents the target equipment from being forged (emulated) to a certain extent.
In an implementation manner, the first verification information may include first vendor information corresponding to the target device, or include first firmware information corresponding to the target device, or include first vendor information corresponding to the target device and first firmware information corresponding to the target device, and so on. The first vendor information may be: relevant information about the manufacturer producing the above target devices, for example: identification information of the manufacturer, flag information (preset character string) set in advance by the manufacturer, and the like. The first firmware information may be: the relevant information about the target device itself, for example: the SN (Serial Number, also called machine code, authentication code, registration application code, etc.) of the target device, WWN (World Wide Name, globally unique Name), MODLENo (Model Number, product Model Number), two-dimensional code, etc. tags.
In one case, when the first verification information includes first vendor information corresponding to the target device, the second verification information includes second vendor information;
the matching (S103) the first authentication information with the second authentication information may include:
and matching the first manufacturer information with the second manufacturer information.
In one implementation, the first vendor information may be: a string of randomly generated character strings through a USB Key (Universal Serial Bus Key), wherein the character strings have uniqueness. Before the target device leaves the factory, the character string may be stored in the target device in advance, and the character string may be associated with the functional software.
For example, the target device may be an SSD, and the first vendor information may be: a string of randomly generated strings by USB Key (Universal Serial Bus Key). It can be understood that, when the SSD leaves the factory, firmware information needs to be burned, and in the process of burning the firmware information, the string of the character string randomly generated by the USB key may be burned into the SSD.
In order to ensure the security and non-volatility of the stored first vendor information, the first vendor information may be stored in a storage location with high stability in the target device, and specifically, the first vendor information may be stored in a first predetermined storage location of the target device;
the step of obtaining the first authentication information from the target device (S101) may include:
first vendor information is obtained from a first predetermined storage location in the target device.
For example, the destination device is an SSD, and it is understood that the storage particles in the SSD are Nand Flash, and each Nand Flash block is composed of a predetermined number of blocks (for example, 1024 blocks or 2048 blocks). Wherein, 1 block in Nand Flash consists of 1024 pages (Page), and the size of 1 Page is 16 Kbyte. Since the Nand Flash block0 is the block with the highest stability, the SSD block0 is generally used as an area for storing codes (SSD-related codes) and an area for storing preset information of the SSD. In this embodiment of the present invention, the first vendor information may be stored in block0, that is, block0 may be the first predetermined storage location in this embodiment of the present invention.
In one implementation, as shown in FIG. 2A, a schematic diagram of an allocation of block0 for an SSD. The pages 0-10 are used for storing codes (related codes of the SSD), the Page11 is used as an original bad block information area for storing original bad block information (such as original bad block identifiers and/or original bad block numbers) of the SSD, the Page12 is used as a new bad block information area for storing new bad block information (such as new bad block identifiers and/or new bad block numbers) of the SSD, the Page13 is used as a "bad block distribution information area" for storing distribution information (such as positions of bad blocks) of the bad blocks of the SSD, the pages 14-20 are used as other information areas for storing other information (such as identification of the SSD) related to the SSD, and the pages 21-1023 are used as reserved areas for storing some subsequent new information related to the SSD.
In the embodiment of the present invention, the first vendor information needs to be stored in block0, which is shown in fig. 2B as another schematic diagram of a distribution manner of block0 of the SSD. The pages 0-10, 11, 12 and 13 are allocated in the same way as in fig. 2A, where Page21 is used as a "vendor information area" (i.e., a first predetermined storage location) for storing first vendor information of the SSD, and pages 22-1023 are still used as "reserved areas".
In one case, when the first verification information includes first firmware information corresponding to the target device, the second verification information includes second firmware information;
the matching (S103) the first authentication information with the second authentication information may include:
and matching the first firmware information with the second firmware information.
In one implementation, the first firmware information is stored in a second predetermined storage location of the target device;
the step of obtaining the first authentication information from the target device (S101) may include:
the first firmware information is obtained from a second predetermined storage location in the target device.
In one implementation, the target device may be an SSD, and in this case, the first firmware information may be stored in an SSD controller of the SSD, for example, in an SRAM (Static RAM) of the SSD controller. In order to better improve the accuracy of the verification result, the storage mode of the first firmware information in the target device may be set to be that the first firmware information is automatically lost after the target device is powered off, and the first firmware information is automatically generated after the target device is powered on. And controlling the generated first firmware information by presetting a generation rule. In an implementation manner, the preset generation rule may be: SN + MODLENo + WWN of the target device. It can be understood that: and cycling to use the SN or the MODEL No or the WWN as first firmware information along with the power-off and power-on processes of the target equipment. At this time, the second firmware information included in the second verification information needs to include the above "SN", "MODLENo", and "WWN".
In addition, it can also be understood that: after the "SN" and/or the "MODLENo" and/or the "WWN" are/is operated by a predetermined algorithm (for example, a simple logic operation, an MD5 value operation, or the like), the obtained operation result is used as the first firmware information, and at this time, the second firmware information included in the second verification information needs to include the operation result obtained after the "SN" and/or the "MODLENo" and/or the "WWN" are/is operated according to the predetermined algorithm, respectively, and the like. The embodiment of the present invention does not limit the specific form of the preset generation rule.
In another case, when the first verification information includes first vendor information corresponding to a target device, the first verification information may further include first firmware information corresponding to the target device (or, when the first verification information includes the first firmware information corresponding to the target device, the first verification information may further include the first vendor information corresponding to the target device). At this time, the step of matching the first vendor information with the second vendor information and the step of matching the first firmware information with the second firmware information may be performed simultaneously or sequentially, and when the matching results are both successful, the target device is determined to be a legal device, whereas when at least one of the matching results is a failed matching, the target device is determined to be a pirate device. The target equipment is subjected to double verification by utilizing the first manufacturer information, the first firmware information, the second manufacturer information and the second firmware information, so that the accuracy of a verification result is improved, the guarantee of rights and interests of a user of the target equipment is improved, and the risk of counterfeiting the target equipment is reduced.
In order to better ensure the accuracy of the verification result, the first verification information can be encrypted, and the encrypted first verification information is transmitted in the transmission process, so that even if the encrypted first verification information is illegally intercepted by a forger in the transmission process, the forger cannot know the key for decrypting the encrypted first verification information so as to obtain the decrypted first verification information, thereby avoiding the situation that the forger illegally intercepts and knows the first verification information in the transmission process, and further forging the target device by the forger. In one implementation, the first authentication information may be encrypted by using a target key and a first encryption algorithm;
before the step of matching (S103) the first authentication information with the second authentication information, the method may further include:
obtaining a target key and a first encryption algorithm;
decrypting the obtained first verification information by using the target key and the first encryption algorithm to obtain decrypted first verification information;
the matching (S103) the first authentication information with the second authentication information may include:
and matching the decrypted first verification information with the second verification information.
It should be noted that the first Encryption algorithm may be AES (Advanced Encryption Standard), and the embodiment of the present invention does not limit a specific algorithm of the first Encryption algorithm.
It can be understood that a plurality of keys and encryption algorithms may be stored in the verification device, or in the device or the cloud end connected to the verification device, and at this time, for convenience of management, the keys and the encryption algorithms corresponding to the devices are correspondingly stored in the verification device according to the identifiers of the devices. Furthermore, in order to better determine the target key and the first encryption algorithm, the authentication device may first obtain the device identifier of the target device, and obtain the target key and the first encryption algorithm from the plurality of keys and encryption algorithms according to the device identifier of the target device.
In order to better ensure the accuracy of the verification result and the security of the target device, before the verification device obtains the first verification information from the target device, the target device may further verify whether the verification device is allowed to obtain the first verification information. In one implementation, as shown in fig. 3, an embodiment of the present invention may include the following steps:
s301: after the verification equipment determines that the target equipment is accessed, equipment identification in the target equipment and a random number generated by the target equipment are obtained;
s302: obtaining first preset data according to the equipment identification;
s303: encrypting the first preset data by using the random number and a second encryption algorithm to generate first encrypted data;
s304: sending the first encrypted data to target equipment so that the target equipment decrypts the first encrypted data by using the random number and a second encryption algorithm to obtain first preset data; obtaining second preset data, judging whether the first preset data is the same as the second preset data, and sending first information to verification equipment when the first preset data is the same as the second preset data, wherein the first information is as follows: information for describing that the authentication device is allowed to obtain the first authentication information; the second predetermined data may be stored locally in the target device;
s305: receiving and responding to the first information;
s306: obtaining first verification information from a target device;
s307: obtaining second verification information, wherein the second verification information is: information for verifying whether the target device is genuine;
s308: matching the first verification information with the second verification information;
s309: and when the matching is successful, determining that the target equipment is the legal edition.
Here, S306 is the same as S101 shown in fig. 1, S307 is the same as S102 shown in fig. 1, S308 is the same as S103 shown in fig. 1, and S309 is the same as S104 shown in fig. 1.
It is to be understood that the first encryption algorithm and the second encryption algorithm may be the same or different, and both are possible.
After the target device determines that the verification device is allowed to obtain the device identifier according to the second information obtaining instruction, the verification device may directly obtain the device identifier of the target device from the target device, obtain the random number generated by the target device, and then perform a verification process of subsequent devices.
In one implementation, the destination device is an SSD, and the SSD generally performs information interaction with the authentication device based on its SSD controller (for example, the SSD controller may receive the second information obtaining instruction, determine whether the authentication device is allowed to obtain the device identifier according to the second information obtaining instruction, notify the authentication device to obtain the device identifier after determining that the authentication device is allowed to obtain the device identifier, or send the device identifier to the authentication device, and so on).
In one implementation. As shown in fig. 4, an encryption/decryption module (for performing encryption/decryption using the second encryption algorithm) and a random number generation module (for generating a random number) may be added to the SSD controller according to the embodiment of the present invention. In addition, the functions of encrypting and decrypting by using the second encryption algorithm and generating the random number can also be realized by software, and at the moment, the software can be burned into the SSD controller, which is all right. The SSD controller in fig. 4 may further include a "Sata/pic interface" (i.e., the pic interface of the Sata protocol), "GPI 0" (i.e., General Programmable Input/Output), "ECC (Error Checking and Correcting )/LDPC (Low Density Parity Check Code)", "DDR (Double Rate synchronous dynamic random access memory, Double Data Rate) interface", "SRAM", and "FLASH interface".
The following describes a method for verifying a device according to an embodiment of the present invention with a specific embodiment:
after determining that the target device B is accessed, the verification device A sends a second information acquisition instruction to the target device B;
the target device B receives and responds to the second information acquisition instruction, and sends a device identifier a and a generated random number B to the verification device A;
the verification device A obtains the device identification a and the random number b; obtaining first preset data C according to the equipment identifier a; encrypting the first preset data C by using the random number b and a second encryption algorithm D to generate first encrypted data C; sending the first encrypted data c to the target device B;
the target device B obtains first encrypted data C, and the target device B decrypts the first encrypted data C by using the random number B and a second encryption algorithm D to obtain first preset data C; obtaining second preset data E, judging whether the first preset data C is the same as the second preset data E, and when the judgment is the same, sending first information M for describing that the verification device A is allowed to obtain first verification information N to the verification device A; the second predetermined data E may be stored in the local of the target device B;
the verification device A receives and responds to the first information M and obtains first verification information N from the target device B, wherein the first verification information N is encrypted by using a target secret key P and a first encryption algorithm Q;
the verification device A obtains a target secret key P and a first encryption algorithm Q, and decrypts the first verification information N by using the target secret key P and the first encryption algorithm Q to obtain decrypted first verification information N; and acquiring second verification information, matching the decrypted first verification information N with the acquired second verification information, and determining that the target device B is a legal version when the matching is successful. The target key P, the first encryption algorithm Q, and the second verification information may be stored in the verification device a, or may be stored in a device or a cloud end connected to the verification device a and having a storage function.
Corresponding to the above method embodiment, an embodiment of the present invention provides an apparatus for verifying a device, and as shown in fig. 5, the apparatus may include:
a first obtaining module 510, configured to obtain first verification information from a target device to be verified after determining that the target device is to be verified to access;
a second obtaining module 520, configured to obtain second verification information, where the second verification information is: information for verifying whether the target device is genuine;
a matching module 530, configured to match the first verification information with the second verification information;
a first determining module 540, configured to determine that the target device is an original when the matching is successful.
By applying the embodiment of the invention, the verification equipment obtains the first verification information from the target equipment after determining that the target equipment to be verified is accessed; obtaining second verification information for verifying whether the target device is a legal version; matching the first verification information with the second verification information; and when the matching is successful, determining that the target equipment is the legal edition. The verification device automatically verifies whether the target device is the legal version or not according to the obtained second verification information and the first verification information stored in the target device, the verification process does not need manual participation, the first verification information does not need to be disclosed externally, and the first verification information is not easy to forge, so that the verification determination result is more accurate, and the effective identification and verification of whether the target device is the legal version or not are realized.
In one implementation, when the first verification information includes first vendor information corresponding to the target device, the second verification information includes second vendor information;
the matching module 530 is particularly used for
And matching the first manufacturer information with the second manufacturer information.
In one implementation, the first vendor information is stored in a first predetermined storage location of the target device;
the first obtaining module 510 is specifically configured to
Obtaining the first vendor information from the first predetermined storage location in the target device.
In one implementation, when the first verification information includes first firmware information corresponding to the target device, the second verification information includes second firmware information;
the matching module 530 is particularly used for
And matching the first firmware information with the second firmware information.
In one implementation, the first firmware information is stored in a second predetermined storage location of the target device;
the first obtaining module 510 is specifically configured to
Obtaining the first firmware information from the second predetermined storage location in the target device.
In one implementation, the first verification information is encrypted by using a target key and a first encryption algorithm;
the device also comprises a third obtaining module and a decryption module;
the third obtaining module is configured to obtain the target key and the first encryption algorithm before the step of matching the first verification information with the verification information;
the decryption module is configured to decrypt the obtained first verification information by using the target key and the first encryption algorithm to obtain decrypted first verification information;
the matching module 530 is particularly used for
And matching the decrypted first verification information with the second verification information.
In one implementation, based on the structure shown in fig. 5, as shown in fig. 6, the apparatus may further include a fourth obtaining module 610, a fifth obtaining module 620, an encrypting module 630, a sending module 640, and a response receiving module 650;
the fourth obtaining module 610 is configured to, before the step of obtaining the first verification information from the target device, obtain, by the verification device, a device identifier in the target device and a random number generated by the target device after determining that the target device is accessed;
the fifth obtaining module 620 is configured to obtain first predetermined data according to the device identifier;
the encryption module 630 is configured to encrypt the first predetermined data by using the random number and a second encryption algorithm to generate first encrypted data;
the sending module 640 is configured to send the first encrypted data to the target device, so that the target device decrypts the first encrypted data by using the random number and the second encryption algorithm to obtain the first predetermined data; obtaining second predetermined data, judging whether the first predetermined data is the same as the obtained second predetermined data, and sending first information to the verification device when the first predetermined data is the same as the obtained second predetermined data, wherein the first information is: information describing that the authentication device is allowed to obtain the first authentication information;
the receiving response module 650 is configured to receive and respond to the first information, and trigger the first obtaining module 510.
Corresponding to the above method embodiment, the embodiment of the present invention further provides an authentication apparatus, as shown in fig. 7, including a processor 710, a communication interface 720, a memory 730, and a communication bus 740, where the processor 710, the communication interface 720, and the memory 730 communicate with each other through the communication bus 740,
a memory 730 for storing a computer program;
the processor 710, when executing the computer program stored in the memory 730, implements the following steps:
after determining that target equipment to be verified is accessed, obtaining first verification information from the target equipment;
obtaining second verification information, wherein the second verification information is: information for verifying whether the target device is genuine;
matching the first authentication information with the second authentication information;
and when the matching is successful, determining that the target equipment is the legal edition.
By applying the embodiment of the invention, the verification equipment obtains the first verification information from the target equipment after determining that the target equipment to be verified is accessed; obtaining second verification information for verifying whether the target device is a legal version; matching the first verification information with the second verification information; and when the matching is successful, determining that the target equipment is the legal edition. The verification device automatically verifies whether the target device is the legal version or not according to the obtained second verification information and the first verification information stored in the target device, the verification process does not need manual participation, the first verification information does not need to be disclosed externally, and the first verification information is not easy to forge, so that the verification determination result is more accurate, and the effective identification and verification of whether the target device is the legal version or not are realized.
Optionally, when the first verification information includes first vendor information corresponding to the target device, the second verification information includes second vendor information;
the verification device, in executing the process of implementing the matching of the first verification information and the second verification information, is specifically configured to:
and matching the first manufacturer information with the second manufacturer information.
Optionally, the first vendor information is stored in a first predetermined storage location of the target device;
the verification device, in executing the process of obtaining the first verification information from the target device, is specifically configured to:
obtaining the first vendor information from the first predetermined storage location in the target device.
Optionally, when the first verification information includes first firmware information corresponding to the target device, the second verification information includes second firmware information;
the verification device, in executing the process of implementing the matching of the first verification information and the second verification information, is specifically configured to:
and matching the first firmware information with the second firmware information.
Optionally, the first firmware information is stored in a second predetermined storage location of the target device;
the verification device, in executing the process of obtaining the first verification information from the target device, is specifically configured to:
obtaining the first firmware information from the second predetermined storage location in the target device.
Optionally, the first verification information is encrypted by using a target key and a first encryption algorithm;
before performing the matching of the first authentication information and the second authentication information, the authentication device is further configured to:
obtaining the target key and the first encryption algorithm;
decrypting the obtained first verification information by using the target key and the first encryption algorithm to obtain decrypted first verification information;
the verification device, in executing the process of implementing the matching of the first verification information and the second verification information, is specifically configured to:
and matching the decrypted first verification information with the second verification information.
Optionally, before performing the obtaining of the first authentication information from the target device, the authentication device is further configured to:
after determining that target equipment is accessed, acquiring an equipment identifier in the target equipment and a random number generated by the target equipment;
obtaining first preset data according to the equipment identification;
encrypting the first preset data by using the random number and a second encryption algorithm to generate first encrypted data;
sending the first encrypted data to the target device so that the target device decrypts the first encrypted data by using the random number and the second encryption algorithm to obtain the first preset data; obtaining second predetermined data, judging whether the first predetermined data is the same as the obtained second predetermined data, and sending first information to the verification device when the first predetermined data is the same as the obtained second predetermined data, wherein the first information is: information describing that the authentication device is allowed to obtain the first authentication information;
and receiving and responding to the first information, and executing the process of obtaining the first verification information from the target device.
The communication bus mentioned in the above authentication device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the authentication device and other devices.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
Corresponding to the foregoing method embodiment, an embodiment of the present invention further provides a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the computer program implements the following steps:
after determining that target equipment to be verified is accessed, obtaining first verification information from the target equipment;
obtaining second verification information, wherein the second verification information is: information for verifying whether the target device is genuine;
matching the first authentication information with the second authentication information;
and when the matching is successful, determining that the target equipment is the legal edition.
By applying the embodiment of the invention, the verification equipment obtains the first verification information from the target equipment after determining that the target equipment to be verified is accessed; obtaining second verification information for verifying whether the target device is a legal version; matching the first verification information with the second verification information; and when the matching is successful, determining that the target equipment is the legal edition. The verification device automatically verifies whether the target device is the legal version or not according to the obtained second verification information and the first verification information stored in the target device, the verification process does not need manual participation, the first verification information does not need to be disclosed externally, and the first verification information is not easy to forge, so that the verification determination result is more accurate, and the effective identification and verification of whether the target device is the legal version or not are realized.
Optionally, when the first verification information includes first vendor information corresponding to the target device, the second verification information includes second vendor information;
when executed by the processor, the computer program implements the process of matching the first verification information with the second verification information, and is specifically configured to:
and matching the first manufacturer information with the second manufacturer information.
Optionally, the first vendor information is stored in a first predetermined storage location of the target device;
the computer program, when executed by the processor, is configured to, in the process of obtaining the first verification information from the target device, specifically:
obtaining the first vendor information from the first predetermined storage location in the target device.
Optionally, when the first verification information includes first firmware information corresponding to the target device, the second verification information includes second firmware information;
when executed by the processor, the computer program implements the process of matching the first verification information with the second verification information, and is specifically configured to:
and matching the first firmware information with the second firmware information.
Optionally, the first firmware information is stored in a second predetermined storage location of the target device;
the computer program, when executed by the processor, is configured to, in the process of obtaining the first verification information from the target device, specifically:
obtaining the first firmware information from the second predetermined storage location in the target device.
Optionally, the first verification information is encrypted by using a target key and a first encryption algorithm;
the computer program, when executed by a processor, further configured to, prior to said matching the first authentication information with the second authentication information:
obtaining the target key and the first encryption algorithm;
decrypting the obtained first verification information by using the target key and the first encryption algorithm to obtain decrypted first verification information;
when executed by the processor, the computer program implements the process of matching the first verification information with the second verification information, and is specifically configured to:
and matching the decrypted first verification information with the second verification information.
Optionally, the computer program, when executed by the processor, is further configured to, before obtaining the first authentication information from the target device:
after determining that target equipment is accessed, acquiring an equipment identifier in the target equipment and a random number generated by the target equipment; obtaining first preset data according to the equipment identification;
encrypting the first preset data by using the random number and a second encryption algorithm to generate first encrypted data;
sending the first encrypted data to the target device so that the target device decrypts the first encrypted data by using the random number and the second encryption algorithm to obtain the first preset data; obtaining second predetermined data, judging whether the first predetermined data is the same as the obtained second predetermined data, and sending first information to the verification device when the first predetermined data is the same as the obtained second predetermined data, wherein the first information is: information describing that the authentication device is allowed to obtain the first authentication information;
and receiving and responding to the first information, and executing the process of obtaining the first verification information from the target device.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (13)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710503208.9A CN109150813B (en) | 2017-06-27 | 2017-06-27 | Device verification method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710503208.9A CN109150813B (en) | 2017-06-27 | 2017-06-27 | Device verification method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109150813A CN109150813A (en) | 2019-01-04 |
| CN109150813B true CN109150813B (en) | 2021-11-05 |
Family
ID=64805321
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710503208.9A Active CN109150813B (en) | 2017-06-27 | 2017-06-27 | Device verification method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109150813B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111552486B (en) * | 2020-04-27 | 2024-02-09 | 苏州浪潮智能科技有限公司 | SSD firmware burning method and related components |
| CN112231780A (en) * | 2020-09-25 | 2021-01-15 | 西安科芮智盈信息技术有限公司 | Method and device for detecting video image line connection state |
| CN112464211B (en) * | 2020-12-21 | 2024-08-20 | 合肥大唐存储科技有限公司 | Method for verifying information in solid state disk, solid state disk and server |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104794626A (en) * | 2015-04-28 | 2015-07-22 | 广东欧珀移动通信有限公司 | An anti-counterfeiting method and device based on hardware information |
| CN105634746A (en) * | 2016-03-23 | 2016-06-01 | 四川华拓光通信股份有限公司 | Anti-counterfeiting method of SFP (Small Form-factor Pluggable) optical module |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102004965B (en) * | 2010-12-08 | 2013-03-27 | 吉林大学 | Double ant-counterfeiting method and system of product |
| CN102129637A (en) * | 2011-01-18 | 2011-07-20 | 南京信息工程大学 | Commodity anti-counterfeiting method based on security mechanism |
| CN102880838A (en) * | 2012-09-04 | 2013-01-16 | 深圳市芯海科技有限公司 | Method and device for detecting electronic equipment |
| CN103607645B (en) * | 2013-11-22 | 2017-06-23 | 深圳市九洲电器有限公司 | A kind of Set Top Box method for preventing piracy and Set Top Box |
| CN104200153B (en) * | 2014-09-12 | 2019-04-16 | 北京赛科世纪科技股份有限公司 | A kind of starting verification method and system |
| CN104537299B (en) * | 2014-12-10 | 2017-10-24 | 深圳先进技术研究院 | A kind of electronic equipment detection method and its system, relevant device |
| US20160307246A1 (en) * | 2015-04-15 | 2016-10-20 | Master Supplements, Inc. | On-Line Authentication of Natural Dietary Supplements to Ensure Source and Quality |
| CN105631687B (en) * | 2015-12-24 | 2017-12-29 | 腾讯科技(深圳)有限公司 | Product Validation method and device |
| CN106657033A (en) * | 2016-12-02 | 2017-05-10 | 美的智慧家居科技有限公司 | Method for verifying validity of device and generating authorization information, and communication device |
-
2017
- 2017-06-27 CN CN201710503208.9A patent/CN109150813B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104794626A (en) * | 2015-04-28 | 2015-07-22 | 广东欧珀移动通信有限公司 | An anti-counterfeiting method and device based on hardware information |
| CN105634746A (en) * | 2016-03-23 | 2016-06-01 | 四川华拓光通信股份有限公司 | Anti-counterfeiting method of SFP (Small Form-factor Pluggable) optical module |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109150813A (en) | 2019-01-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI817930B (en) | Device programming system with device authentication | |
| US11258792B2 (en) | Method, device, system for authenticating an accessing terminal by server, server and computer readable storage medium | |
| CN113271212B (en) | Certificate issuance dependent on key authentication | |
| CN112182550A (en) | Authorization method, authorization system, activation device and computing equipment for application program | |
| TW201820132A (en) | Unified programming environment for programmable devices | |
| WO2017078624A1 (en) | System and method for managing installation of an application package requiring high-risk permission access | |
| US8769295B2 (en) | Computing system feature activation mechanism | |
| JP6967449B2 (en) | Methods for security checks, devices, terminals and servers | |
| CN110096849A (en) | A kind of License authorization and authentication method, device, equipment and readable storage medium storing program for executing | |
| US20140157368A1 (en) | Software authentication | |
| CN110832479A (en) | System and method for software activation and license tracking | |
| CN109982150B (en) | Trust chain establishing method of intelligent television terminal and intelligent television terminal | |
| CN110177111B (en) | Information verification method, system and device | |
| CN116710914A (en) | Key revocation for edge devices | |
| CN109150813B (en) | Device verification method and device | |
| CN110324283A (en) | Licensing Methods, apparatus and system based on asymmetric encryption | |
| CN116561734A (en) | A verification method, device, computer and computer configuration system | |
| CN111628863A (en) | Data signature method and device, electronic equipment and storage medium | |
| CN108881132A (en) | Using authorization method, client, server and computer-readable medium | |
| JPWO2006075355A1 (en) | Peripheral device of programmable logic controller | |
| WO2022068693A1 (en) | Preprocessing method, processing method, decrypting and reading methods, device, and medium | |
| US11455379B2 (en) | Control system and method thereof for secure manufacturing | |
| JP7535071B2 (en) | Control system and control method applied to safe manufacturing | |
| EP3731127B1 (en) | Control system and method thereof for secure manufacturing | |
| CN110414192B (en) | Control and management system and method applied to safety manufacture |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200325 Address after: 310051 room 307, floor B, building 2, No. 399, Danfeng Road, Binjiang District, Hangzhou City, Zhejiang Province Applicant after: Hangzhou Haikang Storage Technology Co., Ltd Address before: 430074 East Lake Development Zone, Wuhan City, Hubei Province, No. 1 Software Park, Guanshan Road, Phase 5, Building F4, Room 21, Room 01 Applicant before: WUHAN HIKVISION STORAGE TECHNOLOGY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |